WMWTA is committed to education. The links below represent just a sampling of information available to individuals and corporations regarding trade.
April 4, 2018 / by Amanda Osorio
If you think Facebook is the only company that needs to think about data privacy and security issues, unfortunately you are mistaken. Right now, most companies need to consider whether or not they are prepared to protect the personal data of their customers, not only because of the outrage and backlash that companies face in the aftermath of a breach but also because of regulations like the GDPR and other data protection laws. The General Data Protection Regulation (GDPR) is a regulation that has been passed by the European Union and is set to be implemented in May 2018, and companies need to take steps to meet GDPR compliance requirements.
GDPR could still apply to your company if you offer goods and/or services to people in the EU and you collect data from them or if you process data received from a third party who does. This is important because non-compliance could result in massive fines up to 20 million Euros or 4% of global company turnover, whichever is higher. These fines are high due to the EU’s intention to deter companies from misusing data.
The GDPR allows for personal data processing where the owner of the data consents and you have legitimate reasons to collect the data or when the processing is necessary for tax, legal, or other reasons.
Personal Data as defined by the GDPR includes any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The GDPR also places restrictions on and regulations regarding the transfer of Personal Data outside of the European Union. Data breaches must be reported to authorities within 72 hours and companies must have a process in place to notify potentially affected individuals.
This is not an exhaustive list of all requirements imposed by the GDPR. It is imperative that companies have processes, procedures, technological capabilities and training in place so that they can comply.
The GDPR is a complex law with significant impact on the business community. Time will tell us the full extent and impact on business, but we recommend taking steps now to move toward compliance. Contact Revision Legal for more information or for further guidance and resources.